Allowing network users to sudo on workgroup clients

I'm setting up a network of Minis, powered by a Snow Leopard Server Mini, to run a Java application we use. The Java app is deployed using a custom, Java-based, installer that requires root access for some parts of the install. At present, we just ask the user to type in their sudo password at the start of the install. Works great on conventional SL machines, Windows, and Linux.
I want there to be a single user account for each machine (say, "A01"). When a user logs on to a machine as A01, they need to be able to install the software. However, when they put in their account password, the sudo request fails because their account isn't in /etc/sudoers. Using the admin account that I create when I uncrate the new machine works fine.
How can I tell each local machine that I want these network-based accounts to have sudo access? It's OK if I have to manually edit /etc/sudoers on each machine, but it would be cleaner if I could set the setting centrally somehow.

I've got the exact same problem, even after adding the users to sudoers.
Blah.

Similar Messages

  • Login Options: Where is "Allow network users" stored?

    Hi all
    If I enable "Allow network users to login to this computer" in System Preferences / Accounts / Login Options - does anyone know where that gets stored?
    I searched in the /Local/Default/ directory and in /Library/Preferences, but couldn't find anything. I'd like to write a script to modify access for network users; no problems in adding and deleting users from the list, but I can't turn on and off general access...
    Thanks, Tina

    I have set up a Mac OS X Server for Open Directory but I do not see the additional option to allow network users to log in on a Mac OS X 10.4 client.
    This may be one of the reasons I cannot log in with network accounts.
    Unfortunately, I also cannot log in using network accounts to the server which does have the network users option checked.
    I have the Mac OS X Server set up to be a LAN DNS server, which worked fine before I connected the second ethernet interface to the Internet. Now changeip -checkhostname insists that the Web address of the server should be the address of the hostname when it MUST be the LAN IP address to work properly. I can find no one to log in to either of these machines as a network user, even though I can find the users through the Address Book, indicating that the Open Directory connection is properly configured, and even though I can ping by name through the LAN, which indicates DNS is set up properly.

  • Allow network users to login at login window option missing

    I hope someone can shed some light on this.
    I have bound a 10.6.2 machine to a Windows 2003 domain successfully. However, the checkbox to "allow network users to login at login window" is missing completely. There's a blank space. I've looked at a few other machines that haven't been joined to the domain and the option is missing from there as well.
    Am I missing something simple? Did I miss something during the OS install? This is a fresh 10.6.2 install.
    Any help would be greatly appreciated as this is keeping us from allowing domain users to log on. Thanks in advance.

    I installed ADmitMac and the option shows up. I removed it and the option goes away. There's obviously a flag being set somewhere. Any thoughts?

  • How can I allow network users to use File Sharing on 10.8 Server?

    I am in the process of setting up a new OS X 10.8 Server. I have exported/imported the network users from my previous OS X 10.6.8 Server using Workspace Manager. I have re-entered the passwords of the users. I have existing clients running (still logged in).
    I have set up the File Sharing service in Server.app. I have several mount points. I have made the Users mount point available for home directories over AFP.
    Now, the system administrator can connect to the server and get access to the file shares. So the basic file sharing system works.
    Also: the users on a client can get their password verified (e.g. when unlocking screen protection) by the server. It is just AFP they can't get access to, while the system administrator account (OD /Local on the server) can be used. So, the password in the server is OK too. It seems to be a matter of privileges.
    But no network user (OD user in directory /LDAPv3/127.0.0.1 on the server) can get access. Where can I give network users privileges for File Sharing on the server?
    I did try to add either the "Open Directory Users" group or a specific user that was imported into com.apple.access_afp. If I do that, there is partial success. I can connect to the server from the client with a user account other than system administrator from the server (but connecting is slow). But Mobile Home Sync does not work:
    1:: [13/04/05 16:11:10.379] Scheduling next sync of "HomeSync_Mirror" at 2013-04-05 14:11:20 +0000
    1:: [13/04/05 16:11:20.782] ==========================================================
    0:: [13/04/05 16:11:20.782] Starting automatic sync of "HomeSync_Mirror".
    1:: [13/04/05 16:11:20.786] Peer "network" reports changes since last sync.
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:alias:]: isRemote = NO
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: peer = <SPeer_FS:0x7fd5a5009520> = local, optionalStoreID = (null), peer.storeIDString = *
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: rootPath        = /Users/gerben
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: storePath       = /Users/gerben/.FileSync/store.filesyncstatetree
    1:: [13/04/05 16:11:20.787] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: rootAlias       = {path='/Users/gerben', targetName='gerben', volumeName='Macintosh HD', type=DIR, volumeCreateDate=2010-08-10-12:58:16, targetCreateDate=2011-08-28-18:39:13, parentDirID=37638, nodeID=3003598, filesystemID=0000 ('0000'), signature=0x482b ('H+'), isBootVolume=YES, isAutomounted=NO, isEjectable=NO, hasPersistentFileIDs=YES, mounted=YES, url='file://localhost/'}
    0:: [13/04/05 16:11:20.789] -[SPeer_FS _mountServerCallbackShares:status:]: received error 64
    0:: [13/04/05 16:11:20.790] EXCEPTION: _mountServerCallbackShares:status: (Host is down) <-[SPeer_FS mountPeerVolumeWithURLString:] (Peer-FS.m:446): "'(-1)' error 64">
    0:: [13/04/05 16:11:20.790] USERINFO: {
    0:: [13/04/05 16:11:20.790]     NSLocalizedDescription = "Host is down";
    0:: [13/04/05 16:11:20.790] }
    0:: [13/04/05 16:11:20.790] BACKTRACE: {
    0:: [13/04/05 16:11:20.790] ? | 0x105cb79b7  
    0:: [13/04/05 16:11:20.790] ? | 0x105cbf0e5  
    0:: [13/04/05 16:11:20.790] ? | 0x105c2c866  
    0:: [13/04/05 16:11:20.790] ? | 0x105c2babd  
    0:: [13/04/05 16:11:20.790] ? | 0x105c2acb4  
    0:: [13/04/05 16:11:20.790] ? | 0x7fff858bb72a
    0:: [13/04/05 16:11:20.790] ? | 0x7fff858bb6a2
    0:: [13/04/05 16:11:20.790] ? | 0x7fff874cf8bf
    0:: [13/04/05 16:11:20.790] ? | 0x7fff874d2b75
    0:: [13/04/05 16:11:20.790] }
    1:: [13/04/05 16:11:20.790] Peer "network" is unable to sync. (-[SPeer_FS mountPeerVolumeWithURLString:] (Peer-FS.m:446): "'(-1)' error 64")
    0:: [13/04/05 16:11:20.790] Peer "network" is unable to sync. Not enough peers will be available to continue syncing.
    0:: [13/04/05 16:11:20.790] Aborting sync of "HomeSync_Mirror".
    1:: [13/04/05 16:11:20.790] -[SPeer abortSync] "local"
    1:: [13/04/05 16:11:20.797] -[SStore_FS setupWithAlias:andRef:] (Store-FS.m:447): unlink('/Users/gerben/.FileSync/.fstemp.QW1Gh-bhvgEhVwmG3.noindex')
    0:: [13/04/05 16:11:20.798] EXCEPTION: !IF <-[SPeer(protected) doPrepareForSyncWithResolvedConflicts:] (Peer.m:1149): "'(([self checkAbort]))'">
    0:: [13/04/05 16:11:20.798] BACKTRACE: {
    0:: [13/04/05 16:11:20.798] ? | 0x105c2bb66  
    0:: [13/04/05 16:11:20.798] ? | 0x105c2acb4  
    0:: [13/04/05 16:11:20.798] ? | 0x7fff858bb72a
    0:: [13/04/05 16:11:20.798] ? | 0x7fff858bb6a2
    0:: [13/04/05 16:11:20.798] ? | 0x7fff874cf8bf
    0:: [13/04/05 16:11:20.798] ? | 0x7fff874d2b75
    0:: [13/04/05 16:11:20.798] }
    1:: [13/04/05 16:11:20.798] -[SStore_FS deleteStateTreeTurdFile] (Store-FS.m:476): unlink('/Users/gerben/.FileSync/store.filesyncstatetree.statetree_dirty')
    1:: [13/04/05 16:11:20.798] Peer "local" is unable to sync. (-[SPeer(protected) doPrepareForSyncWithResolvedConflicts:] (Peer.m:1149): "'(([self checkAbort]))'")
    0:: [13/04/05 16:11:20.798] Peer "local" is unable to sync. Not enough peers will be available to continue syncing.
    1:: [13/04/05 16:11:20.798] EXCEPTION: SFAbortedException <-[SSyncEngine _waitForPeers:] (SyncEngine.m:1922): "'(_abort)'">
    1:: [13/04/05 16:11:20.798] -[SSyncEngine threadMain_SyncEngine_sync:]: sync failed with exception "-[SSyncEngine _waitForPeers:] (SyncEngine.m:1922): "'(_abort)'"".
    0:: [13/04/05 16:11:21.066] Sync of "HomeSync_Mirror" encountered errors. (_mountServerCallbackShares:status: (Host is down))
    0:: [13/04/05 16:11:21.067] Last successful sync completed at 2013-04-04 20:17:15 +0000.
    0:: [13/04/05 16:11:21.067] Finished sync of "HomeSync_Mirror".
    1:: [13/04/05 16:11:21.067] Scheduling next sync of "HomeSync_Mirror" at 2013-04-05 14:31:21 +0000
    1:: [13/04/05 16:11:21.284] 1-pass sync of "HomeSync_Mirror" took 0.02 seconds

    Hi Gerben,
    Try creating a brand new user that's not imported and see if that works. Every user/group has a little gear in the Server.app/Users or Groups which allows specific access to specific services; perhaps file sharing is off in that section?
    Is your DNS set up properly? Can you verify that clients can see the FQDN of your server?
    After setting up the Users folder for mobile homes, did you check whether the group and the separate users have access to file sharing? I am able to select the correct home folder /Users and restrict the home folder size.
    Good luck!
    Jeffrey

  • How can I enforce Parental Controls on a group of network users on an Open Directory client?

    I have a Mac mini running OS X Server (Mountain Lion) and have a client family iMac that is a client of the Open Directory server. I have created network users for my kids and put them into a group and created Parental Control restrictions that apply to members of the group. However, the kids can log into the iMac with the same network accounts and no Parental Control policies are enforced on the iMac.
    I'd like to restrict times and hours per day, as well as the obvious content/website restrictions. I'm not sure why the Parental Control policy isn't being enforced. While I'm not great at it, I do have a basic understanding/overview of knowledge on Windows Server administration, but OS X Server seems to be waaay different...
    I have fiddled with the certificate, and I have told the client iMac to trust the certificate coming from my Open Directory server, but it doesn't seem to make much of a difference with the enforcement of the kids group's Parental Control policies.
    Can anyone assist or offer any suggestions?

    Related logs from the OD client iMac below:
    2013-07-13 20:37:45 -0400 mdmclient[12003]: *** ERROR *** [Agent:501] Sending 'OTA-Phase2' request to server: https://server.local/devicemanagement/api/device/ota_service (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";
        NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1001 \"The request timed out.\" UserInfo=0x7fef6a82b2b0 {NSErrorFailingURLStringKey=https://server.local/devicemanagement/api/device/ota_service, NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=https://server.local/devicemanagement/api/device/ota_service}";
    2013-07-13 20:37:45 -0400 mdmclient[12003]: *** ERROR *** [Agent:501] ProcessOTABootstrapProfileCore (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";
        NSUnderlyingError = "Error Domain=kCFErrorDomainCFNetwork Code=-1001 \"The request timed out.\" UserInfo=0x7fef6a82b2b0 {NSErrorFailingURLStringKey=https://server.local/devicemanagement/api/device/ota_service, NSLocalizedDescription=The request timed out., NSErrorFailingURLKey=https://server.local/devicemanagement/api/device/ota_service}";
    2013-07-13 20:37:45 -0400 System Preferences[11138]: *** ERROR *** [CPInstallerUI:501] Profile installation (Device Enrollment (com.apple.ota.server.local.bootstrap)) (<NSURLErrorDomain:-1001> The request timed out.
    UserInfo: {
        NSErrorFailingURLKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSErrorFailingURLStringKey = "https://server.local/devicemanagement/api/device/ota_service";
        NSLocalizedDescription = "The request timed out.";

  • Network user can't see local home directory

    Hi there,
    I have a Mac Mini running Lion Server with Directory Services turned on. I've been using this to allow network users to log into Lion clients, as well as set up mobile accounts. This has been working fine.
    Now I've just created a new network user for use with a Mountain Lion client and have experienced some strangeness with this new user's home directory. The binding to the directory was fine, and the credentials for the network user were fine. However, when logged in, this new user has his home drive mapped to /Network/Servers/<servername>/Users/<username> rather than the expected /Users/<username>. This has bad side-effects. For instance, Chrome tries to save downloads to the server instead of locally.
    What I can't work out is why the home directory isn't pointing to a local location. The other users (on Lion) have the same home directories defined in their Open  Directory profiles. The only difference is the new user is on Mountain Lion, but I don't think this has any bearing to the problem.
    Can anyone offer some advice?
    Benjamin

    So I took my Mac Mini running OS X 10.8 Server, along with two client laptops: one exhibiting the problem I described, and the other where network logins and home directories worked as intended.
    Long story short, the guys at the Bar couldn't figure it out. The user definitions in Open Directory seemed ok, but they still couldn't work out why no local home directories were being created. Not sure if this helps, but in trouble-shooting, we also discovered that trying to login with a network user on the problematic laptop didn't work when the server wasn't on the network. It's as if the server is required to be present.
    Anyway, the case has been referred to the business team, which is supposed to have more expertise with OS X Server.

  • Problem setting up Network User

    I am running Mac OS X 10.5 Server with clients running 10.5 also. Currently, there are several users on the server, but in Workgroup Manager, their home directory is set to null. The users have local accounts on certain 10.5 clients which are linked to their accounts on the server. So when they log in to the client, they are authenticated against their account on the server, and various settings (Mail, iCal) are picked up from the server.
    I now need to allow users to log in to any client machine without setting up a local account (and linking it to the server account) first. So I have gone through the procedures specified in the 'User Management v10.5' documentation, specifically the 'Administering Share Points' and 'Administering Home Folders -> Creating a Network Home Folder' sections. I have used the second set of procedures to create a network home folder for a single test user. I assume that this makes the test user a 'Network User', though how to create a 'Network User' is not explicitly specified anywhere.
    The problem is that on a client machine (that does not have a local account for the test user), the test user's network account is not listed on the login screen (though the login settings indicate it should be), and I also cannot log in as the test user by clicking on 'Other...' and supplying the requisite credentials. I should note that the client Mac is 'attached' to the server (eg. through Directory Utility).
    Can anyone provide advice as to what's going wrong? Is there some other (secret?!) step that is needed to create a Network User so that clients see the user and allow the user to login?
    Many, many thanks,
    Jolin

    Hi Leif,
    Many thanks for your reply.
    Leif Carlsson wrote:
    The only way of "linking" a "local" account on a computer to an OpenDirectory account that I know of is to create the "network" account homefolder on the local/client machine HD when the user is logging in to the OD server for the first time.
    Actually, it is possible to not have a network account or home folder, and link a local user to a user account on the server. When a client computer is bound to the OpenDirectory server, in the 'Accounts' preference pane of the client computer, there is a field called 'Server Account:' with a 'Set…' button. Clicking the 'Set…' button allows one to link the local account to the server account. Even though there is no home directory on the server, when the user logs in to the client Mac, the password and any managed preferences for that account are taken from the server account.
    The client machine has to be bound to OD first and the account should preferably be setup as a mobile account (so the account can be used even if the computer isn't connected to the network - logins are cached locally).
    I have bound the client machine to the OD server, but I have not yet set up the account as a mobile account. I plan to do this eventually, but wanted to get the 'basic' network user account working first.
    For a "true network home" folder residing only on a server volume/share, the OD account should use a share(point) setup in Server Admin for an automount AFP (or NFS) "User home folders" share.
    I have done this. The server has a sharepoint called 'Homes' which is set to automount over AFP, with the setting 'Use for: User home folders and group folders'. This seems to be working, because on the client Mac, the 'Homes' sharepoint automatically appears when browsing the available network volumes.
    Then in the OD the user should be setup to use the automatically created path (afp://<server FQDN>/<shared folder>) as its homefolder path.
    I believe I've done this as well, using Workgroup Manager. When viewing the 'Basic' tab of the user, the 'Home:' is given as 'afp://<server FQDN>/Homes/jwarren'. That looks right to me, but I cannot login as the user 'jwarren' from the client Mac's login screen (Network Users are enabled on the client Mac). When I log in as a different user on the client Mac, I can browse the network, and the above afp path is automatically mounted.
    Is there some other setting needed so that the client Mac will 'see' the network user I have set up? As I say, the automount sharepoint is set up, and the user is set up in OpenDirectory (on the server) to have a home folder on the automount. But when I'm at the login screen on the client Mac, the network user does not appear in the list, and if I try to login by typing the username and password manually, the login window just shakes as it does when one enters the incorrect password.
    Any further help much appreciated!

  • OS X Server 3 new installation - network users can`t connect - what the h... am I doing wrong ?!?!

    Mac Server 3 drives me crazy ...
    I have a brand new MacMini here with Mavericks on board, and two brand new MacBook Airs and 3 27" iMacs that I want to set up as a small office. The MacMini should act as server (with two Thunderbolt hard disks connected) for the rest. So far the theory, meanwhile I'm in the reality of Server 3 ...
    Having years of experience with "normal network" solutions like filesharing etc. I had a look at Server 3 and thought it couldn't be that complicated to set it up - but meanwhile I'm disillusioned.
    I've now completely reinstalled the MacMini and the Server for the third time, connected directly to the Airport Extreme, started filesharing and started the Server app afterwards. Then I just
    - opened the settings of the server, set up a local network (xxx.local)
    - activated push-notification and got a certificate
    - started the profile manager
    - started open directory
    - started the DNS server
    - started file sharing (creating a new folder on the MacMini, offering user folders via SMB or AFP (tested both))
    - started the other services (calendar, contacts, etc.)
    - opened ports for the public services on the AirportExtreme
    - set up a testuser (network user), giving access to all services
    - gave the test user access to the network folder created
    On the MacBook Air I used for testing I registered the network account server (getting a green light afterwards), ticked "allow network users to sign on" (I could even see the test user's name there).
    But after switching to the login I only got normal users on the MacBook Air. Switching the "allow network users to sign on" sometimes resulted in a third user "other" where I could enter the username and password - but: no result - just as explained several times in this thread ... :-( :-(
    The last three days I tried several setups, switched and renamed, issued certificates, tried out the profile manager and registered the MBA, set up the user folder via AFP and SMB, ...
    But: no access to the network user granted ...
    Just read the last lines of the log after my last attempts and could read "connection invalid" and "connection denied" several times in it ... does anyone have an idea what's going wrong here ?!?!??!
    I really need to set up this server as soon as possible and am really frustrated about this really not Apple-like behaviour of this software *eyesroll* ...
    Any help appreciated!

    Hi,
    sorry, but frustration continues ... here's what I did:
    - completely did the fourth reinstall of the MacMini, new Mavericks, all updates. Then installed the server.app
    - deleted all network connections except the Ethernet, gave it a static IP 10.0.1.201
    - started the server app, renamed the computer name and the hostname
    Result:
    - This automatically started the DNS server - I just checked this and found a server.dizwo.private entry pointing at the 10.0.1.201. According to your proposal I entered a second entry with "dizwo.private" pointing at the same IP 10.0.1.201 (named "server") - as you didn't respond to my request above the entries are only guesses
    - on the AirportExtreme I opened the ports for all necessary services
    - I created a public user folder with all necessary access types (using SMB for the user folder)
    - created a network user pointing at this folder
    - checked whether it has access to all services (was already preset) and gave him read/write access to the user folder
    - last but not least I started the OpenDirectory server showing availability of the OD server at server.dizwo.private
    ... and then?
    On the MacBook Air and on another iMac I first had a look whether I get access to the user folder on the server. I could see it in the Finder windows and got access, okay - fine.
    Then I wanted to set up the OD server in the user settings on the clients - but contrary to my earlier tries I didn't get the OD server name, but simply a "server.local".
    Trying to enter the "server.dizwo.private" simply resulted in a "host not found" ??!?!
    You can imagine how frustrated I am now about all this stuff - I've been an Apple user for more than 20 years and haven't seen such weird behaviour of an Apple software before - not user friendly in any matter ...
    This server software is advertised and looks like an easy to use front end to create a server, even the "manuals" (not that I would tell them so ...) do so. But it looks like it's really more a trial and error thing when you do the installation ...
    So: what did I do wrong now? Is there anything that I missed? Is it a certificate thing (I didn't set up a custom one but used the intermediate one preinstalled)? Or another network issue? The DNS server? The OD server? The naming of the server?
    I really urgently need help - need to set up this server in the next 2 weeks!!
    Any help appreciated!!

  • Network users not showing up at login screen

    Hello, I am new to Server and I have set up an Open Directory setup (using smb for home folders, I heard that it was faster or something somewhere) on my server iMac 27".  This iMac is running Mavericks 10.9.4 and the latest version of Server 3.  On my client iMac 24", I have bound the server to the iMac, as evidenced by the green dot next to the server IP in System Preferences Users and Groups.  The iMac is running Mavericks 10.9.4 as well.  For the network accounts, I have chosen to store the home folders on the server itself, so they are not mobile.  When I try to log in to the network accounts from the client iMac 24", the "Other..." selection does not appear so that I can input the username and password for the network user.  However, I am able to log in to the network accounts just fine from the server iMac 27", as well as another MacBook running Lion 10.7.5.  How can I get the "Other..." selection to show up on my login screen so that I am able to log in to the network accounts?
    And yes, "Allow network users to log in at the login window" is checked.

    Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
    1. The OD master must have a static IP address on the local network, not a dynamic address.
    2. You must have a working DNS service, and the master's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
    3. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
    4. Follow these instructions to rebuild the Kerberos configuration on the master.
    5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.
    6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
    7. Reboot the master and the clients.
    8. Don't log in to the server with a network user's account.
    9. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.
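
    The hostname and DNS conditions in steps 2 and 3 of the checklist above can be checked mechanically. The script below is an added example, not part of the original reply: the function names are hypothetical, the host names and addresses are sample values taken from or modelled on the threads on this page, and the DNS answers are passed in as arguments so it runs without network access.

```shell
#!/bin/sh
# Added example: offline checks for steps 2 and 3 of the Open Directory checklist.
# Function names are hypothetical; sample names and addresses are constructed.

# Lower-case a DNS name and drop one trailing dot.
norm_name() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# check_od_hostname FQDN
# Step 2: the name needs at least three levels and must not be under .local.
# Prints a verdict and returns 0 only when the name passes.
check_od_hostname() {
    name=$(norm_name "$1")
    case "$name" in
        ''|.*|*..*|*[!a-z0-9.-]*) echo "malformed name"; return 1 ;;
        *.local|local) echo ".local is reserved for Bonjour"; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $name            # split the name into its labels
    IFS=$old_ifs
    if [ "$#" -lt 3 ]; then
        echo "needs at least three levels, found $#"
        return 1
    fi
    echo "ok"
}

# check_dns_roundtrip FQDN STATIC_IP FORWARD_ANSWER REVERSE_ANSWER
# Step 2: the A record must give the master's static address, and the PTR
# record for that address must give the same name back.
# FORWARD_ANSWER and REVERSE_ANSWER are the outputs of
#   dig +short FQDN    and    dig +short -x STATIC_IP
# collected on the master beforehand.
check_dns_roundtrip() {
    want=$(norm_name "$1")
    got=$(norm_name "$4")
    if [ "$3" != "$2" ]; then
        echo "forward mismatch: $want -> ${3:-nothing}, expected $2"
        return 1
    fi
    if [ "$got" != "$want" ]; then
        echo "reverse mismatch: $2 -> ${got:-nothing}, expected $want"
        return 1
    fi
    echo "ok"
}

# check_master_resolver
# Step 3: reads resolv.conf-style text on stdin; the first nameserver on the
# master must be 127.0.0.1 (unless another server provides internal DNS).
check_master_resolver() {
    first=$(awk '$1 == "nameserver" { print $2; exit }')
    if [ "$first" = "127.0.0.1" ]; then
        echo "ok"
        return 0
    fi
    echo "primary DNS is ${first:-unset}, expected 127.0.0.1"
    return 1
}

# Constructed sample run.
for h in server.local dizwo.private server.dizwo.private; do
    printf '%-22s %s\n' "$h" "$(check_od_hostname "$h")"
done
check_dns_roundtrip server.dizwo.private 10.0.1.201 10.0.1.201 server.dizwo.private. || true
printf 'nameserver 10.0.1.1\nnameserver 127.0.0.1\n' | check_master_resolver || true
```

    On a real master, feed check_master_resolver the contents of /etc/resolv.conf and compare the result with what changeip -checkhostname reports.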

  • Network users not appearing on login screen

    Hi all. I have just started setting up Lion Server for my household however have a slight issue with allowing network users to logon to devices. If I allow usernames and passwords to be typed in manually then network users can login, however if I want to have them show up as users on the login screen it doesn't work.
    Is there a way for network users to be visible on the login screen at all times please? There are only two network users in my house.
    Thanks,
    Jordan

    See my reply here https://discussions.apple.com/message/16280642 where I previously described how to do this. You will need Workgroup Manager installed for Lion if you have not already downloaded and installed this. You can get it here http://support.apple.com/kb/DL1419

  • Mountain Lion Server: add network user to remote management

    Hi,
    So recently I have upgraded from Lion Server to ML Server. A little disappointing, but whatever, I've moved on and got everything almost back to where I had it with Lion.
    My last few issues I believe are related but I can't quite figure it out. In Lion I have an admin profile and then a network user profile that I used on my MBP bound with AD. I'm at the stage where my new network user can log in on the server machine but I can't log in as the network user via screen sharing. I can't add a network user to Remote Management, and with Remote Management enabled Screen Sharing is greyed out. I'd really like this to work.
    My second problem is that I can't bind my MBP to the server but even when bound the network user account can't log in.
    Anybody have any ideas?
    Thanks!

    I had this problem on a clean install.
    The solution was incredibly simple for me, but only  after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
    That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window."  I had this option set (apparently by default) to "Only these network users:"  but with an empty list.  Adding my users to the list made it work perfectly.
    Talk about KISS

  • Local copy of Network User files

    With the latest OS X Server, I see how you can use a Network User account to log onto the server or any "bound" client machine on the home network. However, when leaving home with a "client" machine (e.g. MacAir with Mountain Lion), is there some way to have a local copy of the Network User files on the client? Hopefully you can see the objective of this question: while at home, use any machine to work with the files, but when you leave the network, how can you have a synchronized copy of the files on a Mac laptop? If needed I can dedicate a client machine for each user, so maybe there's a way to designate the files of a Network User on another, non-server, client machine like a Mac laptop?

    I have the same question, because I do not have more space on iCloud for more backups, and I really want to save an older backup from my iPhone; that specific backup was the last one before my iPhone was stolen. If anyone knows if it is possible to locate that file on "iCloud" and save it, I use iCloud instead of iTunes, and I do not know where to look for it...
    thanks

  • How do I allow access to non admin network users to disk volume?

    I would like to allow access to a specific volume (disk) on one of our networked Macs (Mac1) to all users. I've set user accounts on Mac1 for all network users. These users are "regular" users, not admin. They can access this disk (and all others on Mac1) if I log in as Admin and set Users to Admin. If I do this, then users have access to ALL data on all disks. If I do not, leaving them as "regular" users, when they log in they only see public folders. How can I allow access to the one disk volume without making network users admin? I tried changing various settings for the volume in Finder Info (everyone else=read/write; ignore permissions) with no luck.
    Thanks
    iMac, ibooks, G5, Tibook   Mac OS X (10.4.4)  

    Your observations are correct - by default, an "admin" user connecting over AFP can choose from available "volumes" (default) or "shares", whereas a non-admin user can only mount "shares".
    By default, the only "shares" on an OS X client machine are the users' "Public" folders, and unlike pre-OS X Macs, it isn't easy to configure your own share points. Apple's official statement is that users wanting this functionality should buy OS X Server.
    However, it is possible to create an arbitrary share point using 3rd party software called "SharePoints" (donationware). I have never used it, but it seems to be well regarded. Alternatively, you can do it manually following the instructions in this hint & comments (especially apw8's):
    http://www.macosxhints.com/article.php?story=20011108161839416
    Once the external drive (or folder on the external drive) is configured as a share point, it should be possible for non-admin users to select and mount it once they connect over AFP.

  • Network users don't show up on Snow Leopard client

    Hello,
    I am having a weird problem with my Snow Leopard client that won't show a list of the network users.
    The server is an Open Directory server and other Snow Leopard clients can show the list of the network users on the login screen except one. I've tried different connections via ethernet or via wireless. (I have 2 clients set up at the moment, they are exactly the same clone, client #1 shows the list of network users but not client #2).
    Client #2 will immediately recognize the network accounts are available upon start-up but won't show the list. The computers are added to Workgroup Manager's computer list and are managed, but if the network list doesn't show up on the client that makes the client un-managed.
    Could anyone kindly give me advice please?
    Thanks!
    Sumomo

    Hi
    ". . . they are exactly the same clone . . ."
    This might be where your problem begins and ends? If you joined client # 1 to OD and then cloned this to create client # 2 then you're probably going to have the problems you're seeing?
    If you want all your workstations to be the same it's best to remove any references to any LDAP Server as well as any TGTs. It's also a good idea to give each client workstation unique names prior to joining an LDAP Directory after they've been imaged. You can create a NetBoot Image with an associated workflow that will define unique names as well as join an LDAP Directory as Post Install actions.
    The above assumes you actually meant to post in the appropriate Snow Leopard Forum rather than the 10.4 one? Perhaps you should have posted here:
    http://discussions.apple.com/forum.jspa?forumID=1349
    HTH?
    Tony

  • Can't login to ML server network user from a client

    Hi,
    The computer name on my customer's ML server was changed post OD installation. Now I can't login with network user credentials from a MacBook.
    I also see the old server/hostname displayed in workgroup manager under "location" (see attached).
    I've tried destroying OD by deleting it in Server app then re-adding it again but it still shows the old name in WGM as shown in the screenshot above.
    I suspect this is related to authentication problems. Should I be running a utility like changeDirData.pl to update the old values? If so, what is the syntax?
    Old name was: server1.stmarys.lan
    New name is: server1.local
    I ran the following: sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/changeDirData.pl -i -s 192.168.2.2 -u diradmin -o server1.stmarys.lan -n server1.local
    But got an error: cant contact ldap server to get config info

    After contacting Apple server support, I was told there were two issues:
    1- ".local" cannot be used in a hostname due to conflict with Bonjour
    2- Hostnames must have three parts like "server.company.lan" & "server.lan" cannot be used
    I wish Apple would inform users with a pop-up about these rules before they waste a lot of time having to re-do everything from scratch. I was lucky enough to have an export of all users.
    If these rules are followed from the beginning, DNS would auto-configure itself with the appropriate forward & reverse records.
